Internet to Tunisia

Simon Waters simonw at zynet.net
Tue Jan 11 09:17:19 CST 2011


On Tuesday 11 January 2011 14:58:51 Marshall Eubanks wrote:
>
> On twitter right now there are frequent claims that all https is blocked
> (presumably a port blocking).

A quick search pulls up.
http://www.cpj.org/internet/2011/01/tunisia-invades-censors-facebook-other-accounts.php

Since Gmail defaults to HTTPS, and many other sites left to their own devices, 
it is necessary for an attacker to try and force clients to use HTTP or start 
conversation using HTTP (so that no one notices when the important bit isn't 
encrypted, or to enable javascript from a third part to be injected).

NoScript for Firefox has a force HTTPS for a domain feature.
http://noscript.net/faq#qa6_3

But what clients really need is a way for servers to say "always use 
encryption".
http://noscript.net/faq#STS

Of course when it gets to the level of countries, it is quite plausible your 
browser may already trust a certificate authority under their jurisdiction so 
all bets are off.

I think I'm saying HTTPS doesn't quite hack it in browsers yet, but it will 
be "secure enough" real soon now.





More information about the NANOG mailing list